Analyse Software In A Remote Secure Environment - gHacks Tech News

Analyse Software In A Remote Secure Environment

Several remote services are available on the Internet that let you analyze submitted software programs or files for malicious content. It is like an online virus scanner so to speak.

Among them is VirusTotal, which uses more than forty different antivirus engines to scan submitted files. All of these services have one thing in common: they scan and analyze the uploaded file using signature databases and perhaps heuristic methods, which means that they may miss malicious code.

The benefit of a security scan in a remote secure environment is that the uploaded file or program is actually executed and analyzed while it is running, which is different from analyzing a file statically while it is not running.

CW Sandbox is a web service whose front end looks similar to all the other online virus scanners. What sets it apart is the remote secure environment that it uses to execute and analyze the uploaded files. It runs the file inside a sandbox and logs all system activity connected to the launch of the file. The file analysis contains a summary as well as a detailed list of changes to the file system, the Windows Registry and network activity, plus a technical summary with additional information.

Each report is divided into different categories. The File Changes section, for example, lists newly created, opened and deleted files and includes a summary of all file operations in chronological order. The network activity analysis details the connections that were established, including host names and IP addresses, and whether data was posted to any of those addresses.
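A report of this kind is a chronological log of operations, not a verdict, so the reader still has to interpret it. The following added example (not code from the article or from CW Sandbox) parses a constructed activity log in a hypothetical line format and reduces it to a few analyst-facing findings: executables dropped into user-writable directories, autorun registry keys, deleted files and hosts that received posted data. The log format, paths and hosts are all constructed for illustration and are not CW Sandbox's real report layout.

```python
import re
from collections import defaultdict

# Constructed sample of a sandbox activity log (NOT CW Sandbox's real format):
# one event per line as "<category> <operation> <target> [extra]", in chronological order.
SAMPLE_REPORT = """\
file create C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe
file open C:\\Windows\\System32\\kernel32.dll
registry set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater
file delete C:\\Users\\victim\\Downloads\\invoice.exe
network connect update.example.invalid 203.0.113.7 POST
network connect cdn.example.invalid 198.51.100.3 GET
"""

EVENT_RE = re.compile(
    r"^(?P<cat>file|registry|network)\s+(?P<op>\w+)\s+(?P<target>\S+)(?:\s+(?P<extra>.*))?$"
)
# Locations that commonly indicate persistence or staging; matched case-insensitively.
AUTORUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
SUSPICIOUS_DIRS = ("\\AppData\\Roaming", "\\Temp\\", "\\Startup\\")


def parse_report(text):
    """Turn the log into a list of event dicts, keeping chronological order."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(events):
    """Derive findings from raw events: the diagnosis step the report leaves to the analyst."""
    findings = defaultdict(list)
    for e in events:
        target_l = e["target"].lower()
        if e["cat"] == "file" and e["op"] == "create" and any(d.lower() in target_l for d in SUSPICIOUS_DIRS):
            findings["dropped_file_in_user_dir"].append(e["target"])
        elif e["cat"] == "registry" and e["op"] == "set" and any(k.lower() in target_l for k in AUTORUN_KEYS):
            findings["persistence_autorun"].append(e["target"])
        elif e["cat"] == "file" and e["op"] == "delete":
            findings["deleted_files"].append(e["target"])
        elif e["cat"] == "network" and e["op"] == "connect":
            ip, _, method = (e["extra"] or "").partition(" ")
            entry = f"{e['target']} ({ip})"
            findings["contacted_hosts"].append(entry)
            if method.strip().upper() == "POST":
                findings["data_posted_to"].append(entry)
    return dict(findings)
```

Running `triage(parse_report(SAMPLE_REPORT))` on the constructed log flags the dropped executable, the Run key and the host that received a POST, which is the kind of summary the raw report does not produce on its own.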


The submit form on the project's website accepts files with a maximum size of 16 Megabytes. Zip archives containing up to 50 files can be uploaded as well if the archive password is set to "infected". A link to the file analysis will be sent to the email address that the user enters when submitting the files.

CW Sandbox is an excellent online service that provides an in-depth analysis of submitted files. The only drawbacks are the 16 Megabyte file size limit and that the reports are sent to an email address after an undefined wait time. A ticket system on the website that directly shows the place in the queue and the estimated wait time would be really helpful for users submitting files to the service.

Update: The service is not freely available anymore on the web. It is only available as a professional service and called ThreatAnalyzer now.

    Comments

    1. PsychEroc said on March 29, 2009 at 10:47 pm

      Service is mostly for advanced users. I submitted a file known to deploy malware. The results came within minutes and were very detailed, including all changes made to the system. However, you have to analyze those changes yourself to determine if it is malware. I could not find anywhere that said MALWARE DETECTED. So, it details the symptoms but gives no diagnosis.

    2. xje4bv said on March 30, 2009 at 9:14 am

      There are a few similar online services, e.g. Anubis and ThreatExpert. Or you could just run it offline sandboxed, with a registry/traffic connection monitor.
      http://anubis.iseclab.org/
      http://www.threatexpert.com/
